FIX: do not required event edit permissions for self event registration

2021-06-24 16:40:52 +02:00 · 2021-06-24 16:40:52 +02:00 · 90bae7eeeb
parent 2966635b4b
commit 90bae7eeeb
5 changed files with 39 additions and 19 deletions
--- a/resources/js/dashboard.js
+++ b/resources/js/dashboard.js
@ -8,6 +8,7 @@ DashboardModule = (function () {
    let start = async function(){
        await load_templates();
        let etypes = await load_event_types_async();
+        if(check_for_permission_async("modules.event_management.view")){
            let events = await load_events();
            $(events).each(function(){
                let etype = this.etype;
@ -21,6 +22,7 @@ DashboardModule = (function () {
                this.etype_name = name;
            });
            $(".events_registered_future").append(templates.event_list(events));
+        }
    };
    let load_templates = async function(){
        let res = await $.get("/templates/dashboard_event_list.hbs");
--- a/resources/js/em_eventlist.js
+++ b/resources/js/em_eventlist.js
@ -283,10 +283,8 @@ EventListModule = ( function() {
        }
    };
    let check_edit_permission_callback = function(has_permission){
-        console.log("Test"+has_permission);
        if(has_permission === true){
            $(".eventlist_navtabs").each(function(){
-                console.log("test2");
                $(this).append("<li class=\"nav-item\"><a class=\"nav-link\" href=\"/portal/em/event?id="+$(this).data("entity-id")+"\">Einsatz bearbeiten</a></li>")
            });
        }
--- a/resources/js/global.js
+++ b/resources/js/global.js
@ -39,6 +39,26 @@ function check_for_permission(callback, permission, entity_id){
    });
 }

+async function check_for_permission_async(permission, entity_id){
+    let optional_entity = "";
+    if(entity_id){
+        optional_entity = "&entity_id="+entity_id;
+    }
+
+    const res = $.ajax({
+        type: "GET",
+        url: "/api/info/caller/permissions?permission="+permission+optional_entity,
+        contentType: 'application/json',
+        timeout: 3000,
+        error: function () {
+            alert("Verbindung zum Server unterbrochen!");
+        },
+    });
+    if(is_ok(res)) {
+        return res;
+    }
+}
+
 let get_member = async function (entity_id){
    const res = await $.ajax({
        type: "GET",
--- a/resources/templates/versiontag.hbs
+++ b/resources/templates/versiontag.hbs
@ -1 +1 @@
-v0.2-20-g84971cf
+v0.2-22-g2966635
--- a/src/modules/api/events/instances/read.rs
+++ b/src/modules/api/events/instances/read.rs
@ -34,9 +34,9 @@ pub fn read_positions_for_instance(
    instance_id: String,
 ) -> Result<Json<Vec<EventUnitInstancePosition>>, Json<ApiErrorWrapper>> {
    let caller = parse_member_cookie(cookie.member)?;
-    if !caller.has_permission(crate::permissions::modules::event_management::events::EDIT.to_string()) {
+    if !caller.has_permission(crate::permissions::modules::event_management::events::VIEW.to_string()) {
        return Err(Json(
-            ApiError::new(403, "Keine Berechtigung Einsätze zu bearbeiten!".to_string()).to_wrapper(),
+            ApiError::new(403, "Keine Berechtigung Einsätze abzurufen!".to_string()).to_wrapper(),
        ));
    }

@ -53,9 +53,9 @@ pub fn read_vehicle_positions_for_instance(
    instance_id: String,
 ) -> Result<Json<Vec<EventUnitInstanceVehiclePosition>>, Json<ApiErrorWrapper>> {
    let caller = parse_member_cookie(cookie.member)?;
-    if !caller.has_permission(crate::permissions::modules::event_management::events::EDIT.to_string()) {
+    if !caller.has_permission(crate::permissions::modules::event_management::events::VIEW.to_string()) {
        return Err(Json(
-            ApiError::new(403, "Keine Berechtigung Einsätze zu bearbeiten!".to_string()).to_wrapper(),
+            ApiError::new(403, "Keine Berechtigung Einsätze abzurufen!".to_string()).to_wrapper(),
        ));
    }